Comment 1 Edwin Groothuis 2012-12-19 11:30:31 UTC

Responsible Changed
From-To: freebsd-ports-bugs->bdrewery

Over to maintainer (via the GNATS Auto Assign Tool)

Comment 2 Bryan Drewery 2013-01-09 16:56:43 UTC

State Changed
From-To: open->analyzed

Will consider adding this when updating to 5.9

Comment 3 dfilter service 2013-04-17 01:35:51 UTC

Author: bdrewery
Date: Wed Apr 17 00:35:31 2013
New Revision: 315920
URL: http://svnweb.freebsd.org/changeset/ports/315920

Log:
  - Remove compatibiliy for FreeBSD <4.x
    * /var/empty has been in hier(7) since 4.x
    * User sshd has been in base since 4.x
    * Simplify a patch for realhostname_sa(3) usage
  - Remove SUID_SSH - It was removed from ssh in 2002
  - Fix 'make test'
  - Add some hints into the patches on where they came from
  - Mirror all patches
  - Move LPK patch out of files/
  - Remove the need for 2 patches
    * Removal of 'host-key check-config' in install phase
    * Adding -lutil
  - Add SCTP support [1]
  - Remove FILECONTROL as it has not been supported since the 5.8
    update
  - Replace tab with space pkg-descr
  - Remove default WRKSRC
  - Add 'configtest' command to rc script
  - Mark X509 broken with other patches due to PATCH_DIST_STRIP=-p1
  
  PR:		ports/174570 [1]
  Submitted by:	oleg <proler@gmail.com> [1]
  Obtained from:	https://bugzilla.mindrot.org/show_bug.cgi?id=2016 (upstream) [1]
  Feature safe:	yes

Deleted:
  head/security/openssh-portable/files/extra-patch-configure
  head/security/openssh-portable/files/openssh-lpk-5.8p2.patch
  head/security/openssh-portable/files/patch-Makefile.in
Modified:
  head/security/openssh-portable/Makefile
  head/security/openssh-portable/distinfo
  head/security/openssh-portable/files/openssh.in
  head/security/openssh-portable/files/patch-auth.c
  head/security/openssh-portable/files/patch-auth1.c
  head/security/openssh-portable/files/patch-auth2.c
  head/security/openssh-portable/files/patch-loginrec.c
  head/security/openssh-portable/files/patch-readconf.c
  head/security/openssh-portable/files/patch-servconf.c
  head/security/openssh-portable/files/patch-session.c
  head/security/openssh-portable/files/patch-ssh-agent.c
  head/security/openssh-portable/files/patch-ssh.c
  head/security/openssh-portable/files/patch-ssh_config
  head/security/openssh-portable/files/patch-ssh_config.5
  head/security/openssh-portable/files/patch-sshd.8
  head/security/openssh-portable/files/patch-sshd.c
  head/security/openssh-portable/files/patch-sshd_config
  head/security/openssh-portable/files/patch-sshd_config.5
  head/security/openssh-portable/pkg-descr
  head/security/openssh-portable/pkg-plist

Modified: head/security/openssh-portable/Makefile
==============================================================================
--- head/security/openssh-portable/Makefile	Tue Apr 16 23:29:04 2013	(r315919)
+++ head/security/openssh-portable/Makefile	Wed Apr 17 00:35:31 2013	(r315920)
@@ -13,8 +13,6 @@ PKGNAMESUFFIX=	-portable
 MAINTAINER=	bdrewery@FreeBSD.org
 COMMENT=	The portable version of OpenBSD's OpenSSH
 
-WRKSRC=		${WRKDIR}/${PORTNAME}-${DISTVERSION}
-
 MAN1=	sftp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 scp.1 ssh.1
 MLINKS=	ssh.1 slogin.1
 MAN5=	moduli.5 ssh_config.5 sshd_config.5
@@ -22,7 +20,12 @@ MAN8=	sftp-server.8 sshd.8 ssh-keysign.8
 
 CONFLICTS?=		openssh-3.* ssh-1.* ssh2-3.*
 
+# XXX: ports/52706 will allow using DEFAULT,x509,gsskex here.
+PATCH_SITES+=		http://mirror.shatow.net/freebsd/${PORTNAME}/ \
+			http://mirror.shatow.net/freebsd/${PORTNAME}/:x509,gsskex
+
 USE_PERL5_BUILD=	yes
+USE_AUTOTOOLS=		autoconf autoheader
 USE_OPENSSL=		yes
 GNU_CONFIGURE=		yes
 CONFIGURE_ENV=		ac_cv_func_strnvis=no
@@ -36,37 +39,46 @@ ETCOLD=			${PREFIX}/etc
 SUDO?=		# empty
 MAKE_ENV+=	SUDO="${SUDO}"
 
-OPTIONS_DEFINE=		PAM TCP_WRAPPERS LIBEDIT SUID_SSH BSM KERBEROS \
-			KERB_GSSAPI OPENSSH_CHROOT HPN LPK X509 FILECONTROL \
-			OVERWRITE_BASE
+OPTIONS_DEFINE=		PAM TCP_WRAPPERS LIBEDIT BSM KERBEROS \
+			KERB_GSSAPI OPENSSH_CHROOT HPN LPK X509 \
+			OVERWRITE_BASE SCTP
 OPTIONS_DEFAULT=	LIBEDIT PAM TCP_WRAPPERS
 TCP_WRAPPERS_DESC=	Enable tcp_wrappers support
-SUID_SSH_DESC=		Enable suid SSH (Recommended off)
 BSM_DESC=		Enable OpenBSM Auditing
 KERB_GSSAPI_DESC=	Enable Kerberos/GSSAPI patch (req: GSSAPI)
 OPENSSH_CHROOT_DESC=	Enable CHROOT support
 HPN_DESC=		Enable HPN-SSH patch
 LPK_DESC=		Enable LDAP Public Key (LPK) patch
 X509_DESC=		Enable x509 certificate patch
-FILECONTROL_DESC=	Enable file control patch (broken)
+SCTP_DESC=		Enable SCTP support
 OVERWRITE_BASE_DESC=	OpenSSH overwrite base
 
 .include <bsd.port.pre.mk>
 
 .if ${OSVERSION} >= 900000
-EXTRA_PATCHES=	${FILESDIR}/extra-patch-configure
+CONFIGURE_LIBS+=	-lutil
 .endif
 
 .if ${OSVERSION} >= 900007
 CONFIGURE_ARGS+=	--disable-utmp --disable-wtmp --disable-wtmpx --without-lastlog
 .endif
 
-.if ${PORT_OPTIONS:MX509} && ${PORT_OPTIONS:MHPN}
-BROKEN=		X509 patches and HPN patches do not apply cleanly together
-.endif
+.if ${PORT_OPTIONS:MX509}
+.  if ${PORT_OPTIONS:MHPN}
+BROKEN=		X509 patch and HPN patch do not apply cleanly together
+.  endif
 
-.if ${PORT_OPTIONS:MX509} && ${PORT_OPTIONS:MKERB_GSSAPI}
+.  if ${PORT_OPTIONS:MKERB_GSSAPI}
 BROKEN=		X509 patch incompatible with KERB_GSSAPI patch
+.  endif
+
+.  if ${PORT_OPTIONS:MSCTP}
+BROKEN=		X509 patch and SCTP patch do not apply cleanly together
+.  endif
+
+.  if ${PORT_OPTIONS:MLPK}
+BROKEN=		X509 patch and LPK patch do not apply cleanly together
+.  endif
 .endif
 
 .if defined(OPENSSH_OVERWRITE_BASE)
@@ -85,10 +97,6 @@ CONFIGURE_ARGS+=	--with-tcp-wrappers
 CONFIGURE_ARGS+=	--with-libedit
 .endif
 
-.if !${PORT_OPTIONS:MSUID_SSH}
-CONFIGURE_ARGS+=	--disable-suid-ssh
-.endif
-
 .if ${PORT_OPTIONS:MBSM}
 CONFIGURE_ARGS+=	--with-audit=bsm
 .endif
@@ -97,8 +105,8 @@ CONFIGURE_ARGS+=	--with-audit=bsm
 CONFIGURE_ARGS+=	--with-kerberos5
 LIB_DEPENDS+=		krb5.3:${PORTSDIR}/security/krb5
 .if ${PORT_OPTIONS:MKERB_GSSAPI}
-PATCH_SITES+=		http://www.sxw.org.uk/computing/patches/
-PATCHFILES+=		openssh-5.7p1-gsskex-all-20110125.patch
+PATCH_SITES+=		http://www.sxw.org.uk/computing/patches/:gsskex
+PATCHFILES+=		openssh-5.7p1-gsskex-all-20110125.patch:gsskex
 PATCH_DIST_STRIP=
 .endif
 .if ${OPENSSLBASE} == "/usr"
@@ -115,8 +123,8 @@ CONFIGURE_ARGS+=	--with-ssl-dir=${OPENSS
 CFLAGS+=		-DCHROOT
 .endif
 
+# http://www.psc.edu/index.php/hpn-ssh
 .if ${PORT_OPTIONS:MHPN}
-PATCH_SITES+=		http://mirror.shatow.net/freebsd/${PORTNAME}/
 PATCHFILES+=		${PORTNAME}-5.8p1-hpn13v11.diff.gz
 PATCH_DIST_STRIP=
 .endif
@@ -125,19 +133,19 @@ PATCH_DIST_STRIP=
 # and svn repo described here:
 # http://code.google.com/p/openssh-lpk/source/checkout
 .if ${PORT_OPTIONS:MLPK}
-EXTRA_PATCHES+=		${FILESDIR}/openssh-lpk-5.8p2.patch
+PATCHFILES+=		${PORTNAME}-lpk-5.8p2.patch.gz
 USE_OPENLDAP=		yes
 CPPFLAGS+=		-I${LOCALBASE}/include
 CONFIGURE_ARGS+=	--with-ldap=yes \
-			--with-libs='-lldap' \
 			--with-ldflags='-L${LOCALBASE}/lib' \
 			--with-cppflags='${CPPFLAGS}'
+CONFIGURE_LIBS+=	-lldap
 .endif
 
 # See http://www.roumenpetrov.info/openssh/
 .if ${PORT_OPTIONS:MX509}
-PATCH_SITES+=		http://www.roumenpetrov.info/openssh/x509-7.0/
-PATCHFILES+=		${PORTNAME}-5.8p1+x509-7.0.diff.gz
+PATCH_SITES+=		http://www.roumenpetrov.info/openssh/x509-7.0/:x509
+PATCHFILES+=		${PORTNAME}-5.8p1+x509-7.0.diff.gz:x509
 PATCH_DIST_STRIP=	-p1
 PLIST_SUB+=		X509=""
 MAN5+=			ssh_engine.5
@@ -145,33 +153,24 @@ MAN5+=			ssh_engine.5
 PLIST_SUB+=		X509="@comment "
 .endif
 
-# See http://sftpfilecontrol.sourceforge.net/
-.if ${PORT_OPTIONS:MFILECONTROL}
-# Latest sftpfilecontrol patch is against 5.4p1 which does not apply
-# cleanly against 5.8p2, but it's close.
-BROKEN=			latest upstream sftp file control public key patch is not up to date for OpenSSH 5.8p2
-EXTRA_PATCHES+=		${FILESDIR}/openssh-${DISTVERSION}.sftpfilecontrol-v1.3.patch
+# See https://bugzilla.mindrot.org/show_bug.cgi?id=2016
+.if ${PORT_OPTIONS:MSCTP}
+PATCHFILES+=		${PORTNAME}-sctp-2163.patch.gz
+CONFIGURE_ARGS+=	--with-sctp
 .endif
 
+EMPTYDIR=		/var/empty
+
 .if ${PORT_OPTIONS:MOVERWRITE_BASE}
 WITH_OPENSSL_BASE=	yes
 CONFIGURE_ARGS+=	--localstatedir=/var
-EMPTYDIR=		/var/empty
 PREFIX=			/usr
 ETCSSH=			/etc/ssh
 USE_RCORDER=		openssh
 PLIST_SUB+=		NOTBASE="@comment "
 PLIST_SUB+=		BASE=""
 PLIST_SUB+=		BASEPREFIX="${PREFIX}"
-PLIST_SUB+=		ERASEEMPTY="@comment "
 .else
-.if exists(/var/empty)
-EMPTYDIR=		/var/empty
-PLIST_SUB+=		ERASEEMPTY="@comment "
-.else
-EMPTYDIR=		${PREFIX}/empty
-PLIST_SUB+=		ERASEEMPTY=""
-.endif
 ETCSSH=			${PREFIX}/etc/ssh
 USE_RC_SUBR=		openssh
 PLIST_SUB+=		NOTBASE=""
@@ -180,13 +179,16 @@ PLIST_SUB+=		BASE="@comment "
 
 # After all
 SUB_LIST+=		ETCSSH="${ETCSSH}"
-PLIST_SUB+=		EMPTYDIR="${EMPTYDIR}"
 CONFIGURE_ARGS+=	--sysconfdir=${ETCSSH} --with-privsep-path=${EMPTYDIR}
+.if !empty(CONFIGURE_LIBS)
+CONFIGURE_ARGS+=	--with-libs='${CONFIGURE_LIBS}'
+.endif
 
 RC_SCRIPT_NAME=		openssh
 
 post-patch:
 	@${REINPLACE_CMD} -e 's|-ldes|-lcrypto|g' ${WRKSRC}/configure
+	@${REINPLACE_CMD} -e 's|install: \(.*\) host-key check-config|install: \1|g' ${WRKSRC}/Makefile.in
 	@${REINPLACE_CMD} -e 's|%%PREFIX%%|${LOCALBASE}|' \
 		-e 's|%%RC_SCRIPT_NAME%%|${RC_SCRIPT_NAME}|' ${WRKSRC}/sshd.8
 	@${REINPLACE_CMD} -E -e 's|SSH_VERSION|TMP_SSH_VERSION|' \
@@ -203,10 +205,6 @@ post-patch:
 .endif
 
 pre-su-install:
-	@${MKDIR} ${EMPTYDIR}
-	if ! pw groupshow sshd; then pw groupadd sshd -g 22; fi
-	if ! pw usershow sshd; then pw useradd sshd -g sshd -u 22 \
-		-h - -d ${EMPTYDIR} -s /nonexistent -c "sshd privilege separation"; fi
 .if !exists(${ETCSSH})
 	@${MKDIR} ${ETCSSH}
 .endif
@@ -224,7 +222,7 @@ post-install:
 	@${CAT} ${PKGMESSAGE}
 
 test:	build
-	(cd ${WRKSRC}/regress && ${SETENV} ${MAKE_ENV} TEST_SHELL=/bin/sh \
+	(cd ${WRKSRC}/regress && ${SETENV} OBJ=${WRKDIR} ${MAKE_ENV} TEST_SHELL=/bin/sh \
 		PATH=${WRKSRC}:${PREFIX}/bin:${PREFIX}/sbin:${PATH} \
 		${MAKE} ${MAKE_FLAGS} ${MAKEFILE} ${MAKE_ARGS})
 

Modified: head/security/openssh-portable/distinfo
==============================================================================
--- head/security/openssh-portable/distinfo	Tue Apr 16 23:29:04 2013	(r315919)
+++ head/security/openssh-portable/distinfo	Wed Apr 17 00:35:31 2013	(r315920)
@@ -6,3 +6,7 @@ SHA256 (openssh-5.8p1+x509-7.0.diff.gz) 
 SIZE (openssh-5.8p1+x509-7.0.diff.gz) = 184277
 SHA256 (openssh-5.7p1-gsskex-all-20110125.patch) = bfdc72c3d7d5d4f9f8a78b649988dff8fad780cfa72bad4a69eb94c54de9a359
 SIZE (openssh-5.7p1-gsskex-all-20110125.patch) = 91889
+SHA256 (openssh-lpk-5.8p2.patch.gz) = 718221d13a09fdf5be857cc4b349e61698c42ae47bd357bd5c83f331d490c6c7
+SIZE (openssh-lpk-5.8p2.patch.gz) = 17822
+SHA256 (openssh-sctp-2163.patch.gz) = 86ac3a59119c9c26193334d8ba7c3be9f143209080e4f8a2a00577c24c0c9e03
+SIZE (openssh-sctp-2163.patch.gz) = 6764

Modified: head/security/openssh-portable/files/openssh.in
==============================================================================
--- head/security/openssh-portable/files/openssh.in	Tue Apr 16 23:29:04 2013	(r315919)
+++ head/security/openssh-portable/files/openssh.in	Wed Apr 17 00:35:31 2013	(r315920)
@@ -25,9 +25,11 @@ load_rc_config ${name}
 : ${openssh_skipportscheck="NO"}
 
 command=%%PREFIX%%/sbin/sshd
-extra_commands="reload keygen"
+extra_commands="configtest reload keygen"
 start_precmd="${name}_checks"
+reload_precmd="${name}_configtest"
 restart_precmd="${name}_checks"
+configtest_cmd="${name}_configtest"
 keygen_cmd="${name}_keygen"
 pidfile=${openssh_pidfile:="/var/run/sshd.pid"}
 
@@ -137,6 +139,12 @@ openssh_check_same_ports(){
     fi
 }
 
+openssh_configtest()
+{
+	echo "Performing sanity check on ${name} configuration."
+	eval ${command} ${openssh_flags} -t
+}
+
 openssh_checks()
 {
 	if checkyesno sshd_enable ; then
@@ -146,7 +154,7 @@ openssh_checks()
 	fi
 
 	run_rc_command keygen
-	eval "${command} -t"
+	openssh_configtest
 }
 
 run_rc_command "$1"

Modified: head/security/openssh-portable/files/patch-auth.c
==============================================================================
--- head/security/openssh-portable/files/patch-auth.c	Tue Apr 16 23:29:04 2013	(r315919)
+++ head/security/openssh-portable/files/patch-auth.c	Wed Apr 17 00:35:31 2013	(r315920)
@@ -1,3 +1,12 @@
+r100838 | fanf | 2002-07-28 19:36:24 -0500 (Sun, 28 Jul 2002) | 7 lines
+Changed paths:
+   M /head/crypto/openssh/auth.c
+
+Use login_getpwclass() instead of login_getclass() so that the root
+vs. default login class distinction is made correctly.
+
+PR:             37416
+
 --- auth.c.orig	2010-08-12 11:33:01.000000000 -0600
 +++ auth.c	2010-09-14 16:14:12.000000000 -0600
 @@ -594,7 +594,7 @@

Modified: head/security/openssh-portable/files/patch-auth1.c
==============================================================================
--- head/security/openssh-portable/files/patch-auth1.c	Tue Apr 16 23:29:04 2013	(r315919)
+++ head/security/openssh-portable/files/patch-auth1.c	Wed Apr 17 00:35:31 2013	(r315920)
@@ -1,3 +1,20 @@
+r56266 | dinoex | 2002-03-17 14:24:24 -0600 (Sun, 17 Mar 2002) | 4 lines
+Changed paths:
+   M /head/security/hpn-ssh/Makefile
+   M /head/security/hpn-ssh/files/patch-auth.c
+   A /head/security/hpn-ssh/files/patch-auth1.c
+   A /head/security/hpn-ssh/files/patch-auth2.c
+   M /head/security/hpn-ssh/files/patch-session.c
+   M /head/security/openssh-portable/Makefile
+   M /head/security/openssh-portable/files/patch-auth.c
+   A /head/security/openssh-portable/files/patch-auth1.c
+   A /head/security/openssh-portable/files/patch-auth2.c
+   M /head/security/openssh-portable/files/patch-session.c
+
+Merged patches for HAVE_LOGIN_CAP from stable
+
+PR:             35904
+
 --- auth1.c.orig	2010-06-25 18:01:33.000000000 -0600
 +++ auth1.c	2010-09-14 16:14:12.000000000 -0600
 @@ -40,6 +40,7 @@

Modified: head/security/openssh-portable/files/patch-auth2.c
==============================================================================
--- head/security/openssh-portable/files/patch-auth2.c	Tue Apr 16 23:29:04 2013	(r315919)
+++ head/security/openssh-portable/files/patch-auth2.c	Wed Apr 17 00:35:31 2013	(r315920)
@@ -1,3 +1,20 @@
+r56266 | dinoex | 2002-03-17 14:24:24 -0600 (Sun, 17 Mar 2002) | 4 lines
+Changed paths:
+   M /head/security/hpn-ssh/Makefile
+   M /head/security/hpn-ssh/files/patch-auth.c
+   A /head/security/hpn-ssh/files/patch-auth1.c
+   A /head/security/hpn-ssh/files/patch-auth2.c
+   M /head/security/hpn-ssh/files/patch-session.c
+   M /head/security/openssh-portable/Makefile
+   M /head/security/openssh-portable/files/patch-auth.c
+   A /head/security/openssh-portable/files/patch-auth1.c
+   A /head/security/openssh-portable/files/patch-auth2.c
+   M /head/security/openssh-portable/files/patch-session.c
+
+Merged patches for HAVE_LOGIN_CAP from stable
+
+PR:             35904
+
 --- auth2.c.orig	2009-06-22 00:11:07.000000000 -0600
 +++ auth2.c	2010-09-14 16:14:12.000000000 -0600
 @@ -46,6 +46,7 @@

Modified: head/security/openssh-portable/files/patch-loginrec.c
==============================================================================
--- head/security/openssh-portable/files/patch-loginrec.c	Tue Apr 16 23:29:04 2013	(r315919)
+++ head/security/openssh-portable/files/patch-loginrec.c	Wed Apr 17 00:35:31 2013	(r315920)
@@ -1,26 +1,28 @@
---- loginrec.c.orig	2010-04-09 02:13:27.000000000 -0600
-+++ loginrec.c	2010-09-14 16:14:12.000000000 -0600
-@@ -179,6 +179,9 @@
- #ifdef HAVE_UTIL_H
- # include <util.h>
- #endif
-+#ifdef __FreeBSD__
-+#include <osreldate.h>
-+#endif
- 
- #ifdef HAVE_LIBUTIL_H
- # include <libutil.h>
-@@ -693,8 +696,13 @@
+r63028 | dinoex | 2002-07-15 15:08:01 -0500 (Mon, 15 Jul 2002) | 6 lines
+
+- Fix Problem with HAVE_HOST_IN_UTMP
+- update monitor.c
+
+PR:             40576
+Submitted by:   lxv@a-send-pr.sink.omut.org
+
+r99768 | des | 2002-07-11 05:36:10 -0500 (Thu, 11 Jul 2002) | 6 lines
+
+Use realhostname_sa(3) so the IP address will be used instead of the
+hostname if the latter is too long for utmp.
+
+Submitted by:   ru
+
+--- loginrec.c.orig	2013-04-14 08:28:40.482762815 -0500
++++ loginrec.c	2013-04-14 08:29:03.723757797 -0500
+@@ -694,8 +694,8 @@
  	strncpy(ut->ut_name, li->username,
  	    MIN_SIZEOF(ut->ut_name, li->username));
  # ifdef HAVE_HOST_IN_UTMP
-+# if defined(__FreeBSD__) && __FreeBSD_version < 400000
- 	strncpy(ut->ut_host, li->hostname,
- 	    MIN_SIZEOF(ut->ut_host, li->hostname));
-+# else
+-	strncpy(ut->ut_host, li->hostname,
+-	    MIN_SIZEOF(ut->ut_host, li->hostname));
 +	realhostname_sa(ut->ut_host, sizeof ut->ut_host,
 +	    &li->hostaddr.sa, li->hostaddr.sa.sa_len);
-+# endif
  # endif
  # ifdef HAVE_ADDR_IN_UTMP
  	/* this is just a 32-bit IP address */

Modified: head/security/openssh-portable/files/patch-readconf.c
==============================================================================
--- head/security/openssh-portable/files/patch-readconf.c	Tue Apr 16 23:29:04 2013	(r315919)
+++ head/security/openssh-portable/files/patch-readconf.c	Wed Apr 17 00:35:31 2013	(r315920)
@@ -1,3 +1,11 @@
+r99048 | des | 2002-06-29 05:51:56 -0500 (Sat, 29 Jun 2002) | 4 lines
+Changed paths:
+   M /head/crypto/openssh/myproposal.h
+   M /head/crypto/openssh/readconf.c
+   M /head/crypto/openssh/servconf.c
+
+Apply FreeBSD's configuration defaults.
+
 --- readconf.c.orig	2010-08-03 00:04:46.000000000 -0600
 +++ readconf.c	2010-09-14 16:14:12.000000000 -0600
 @@ -1169,7 +1169,7 @@

Modified: head/security/openssh-portable/files/patch-servconf.c
==============================================================================
--- head/security/openssh-portable/files/patch-servconf.c	Tue Apr 16 23:29:04 2013	(r315919)
+++ head/security/openssh-portable/files/patch-servconf.c	Wed Apr 17 00:35:31 2013	(r315920)
@@ -1,3 +1,11 @@
+r99048 | des | 2002-06-29 05:51:56 -0500 (Sat, 29 Jun 2002) | 4 lines
+Changed paths:
+   M /head/crypto/openssh/myproposal.h
+   M /head/crypto/openssh/readconf.c
+   M /head/crypto/openssh/servconf.c
+
+Apply FreeBSD's configuration defaults.
+
 --- servconf.c.orig	2010-06-25 17:38:45.000000000 -0600
 +++ servconf.c	2010-09-14 16:14:12.000000000 -0600
 @@ -139,7 +139,7 @@

Modified: head/security/openssh-portable/files/patch-session.c
==============================================================================
--- head/security/openssh-portable/files/patch-session.c	Tue Apr 16 23:29:04 2013	(r315919)
+++ head/security/openssh-portable/files/patch-session.c	Wed Apr 17 00:35:31 2013	(r315920)
@@ -1,3 +1,20 @@
+r56266 | dinoex | 2002-03-17 14:24:24 -0600 (Sun, 17 Mar 2002) | 4 lines
+Changed paths:
+   M /head/security/hpn-ssh/Makefile
+   M /head/security/hpn-ssh/files/patch-auth.c
+   A /head/security/hpn-ssh/files/patch-auth1.c
+   A /head/security/hpn-ssh/files/patch-auth2.c
+   M /head/security/hpn-ssh/files/patch-session.c
+   M /head/security/openssh-portable/Makefile
+   M /head/security/openssh-portable/files/patch-auth.c
+   A /head/security/openssh-portable/files/patch-auth1.c
+   A /head/security/openssh-portable/files/patch-auth2.c
+   M /head/security/openssh-portable/files/patch-session.c
+
+Merged patches for HAVE_LOGIN_CAP from stable
+
+PR:             35904
+
 --- session.c.orig	2011-07-21 18:55:33.883559116 +0200
 +++ session.c	2011-07-21 19:02:17.789294035 +0200
 @@ -896,6 +896,24 @@

Modified: head/security/openssh-portable/files/patch-ssh-agent.c
==============================================================================
--- head/security/openssh-portable/files/patch-ssh-agent.c	Tue Apr 16 23:29:04 2013	(r315919)
+++ head/security/openssh-portable/files/patch-ssh-agent.c	Wed Apr 17 00:35:31 2013	(r315920)
@@ -1,3 +1,7 @@
+r110506 | des | 2003-02-07 09:48:27 -0600 (Fri, 07 Feb 2003) | 4 lines
+
+Set the ruid to the euid at startup as a workaround for a bug in pam_ssh.
+
 --- ssh-agent.c.orig	2010-04-15 23:56:22.000000000 -0600
 +++ ssh-agent.c	2010-09-14 16:14:13.000000000 -0600
 @@ -1086,6 +1086,7 @@

Modified: head/security/openssh-portable/files/patch-ssh.c
==============================================================================
--- head/security/openssh-portable/files/patch-ssh.c	Tue Apr 16 23:29:04 2013	(r315919)
+++ head/security/openssh-portable/files/patch-ssh.c	Wed Apr 17 00:35:31 2013	(r315920)
@@ -1,6 +1,10 @@
 $FreeBSD$
 
-Make the same change to use the canonical hostname as the base FreeBSD ssh.
+r99054 | des | 2002-06-29 05:57:53 -0500 (Sat, 29 Jun 2002) | 4 lines
+Changed paths:
+   M /head/crypto/openssh/ssh.c
+
+Canonicize the host name before looking it up in the host file.
 
 --- ssh.c.orig	2010-08-16 09:59:31.000000000 -0600
 +++ ssh.c	2010-08-25 17:55:01.000000000 -0600

Modified: head/security/openssh-portable/files/patch-ssh_config
==============================================================================
--- head/security/openssh-portable/files/patch-ssh_config	Tue Apr 16 23:29:04 2013	(r315919)
+++ head/security/openssh-portable/files/patch-ssh_config	Wed Apr 17 00:35:31 2013	(r315920)
@@ -1,3 +1,8 @@
+r100678 | fanf | 2002-07-25 10:59:40 -0500 (Thu, 25 Jul 2002) | 5 lines
+
+Document the FreeBSD default for CheckHostIP, which was changed in
+rev 1.2 of readconf.c.
+
 --- ssh_config.orig	2010-01-12 01:40:27.000000000 -0700
 +++ ssh_config	2010-09-14 16:14:13.000000000 -0600
 @@ -27,7 +27,7 @@

Modified: head/security/openssh-portable/files/patch-ssh_config.5
==============================================================================
--- head/security/openssh-portable/files/patch-ssh_config.5	Tue Apr 16 23:29:04 2013	(r315919)
+++ head/security/openssh-portable/files/patch-ssh_config.5	Wed Apr 17 00:35:31 2013	(r315920)
@@ -1,3 +1,8 @@
+r100678 | fanf | 2002-07-25 10:59:40 -0500 (Thu, 25 Jul 2002) | 5 lines
+
+Document the FreeBSD default for CheckHostIP, which was changed in
+rev 1.2 of readconf.c.
+
 --- ssh_config.5.orig	2010-08-04 21:03:13.000000000 -0600
 +++ ssh_config.5	2010-09-14 16:14:13.000000000 -0600
 @@ -164,7 +164,7 @@

Modified: head/security/openssh-portable/files/patch-sshd.8
==============================================================================
--- head/security/openssh-portable/files/patch-sshd.8	Tue Apr 16 23:29:04 2013	(r315919)
+++ head/security/openssh-portable/files/patch-sshd.8	Wed Apr 17 00:35:31 2013	(r315920)
@@ -1,3 +1,5 @@
+Document FreeBSD/port-specific paths
+
 --- sshd.8.orig	2010-08-04 21:03:13.000000000 -0600
 +++ sshd.8	2010-09-14 16:14:14.000000000 -0600
 @@ -70,7 +70,7 @@

Modified: head/security/openssh-portable/files/patch-sshd.c
==============================================================================
--- head/security/openssh-portable/files/patch-sshd.c	Tue Apr 16 23:29:04 2013	(r315919)
+++ head/security/openssh-portable/files/patch-sshd.c	Wed Apr 17 00:35:31 2013	(r315920)
@@ -1,3 +1,13 @@
+r109683 | des | 2003-01-22 08:12:59 -0600 (Wed, 22 Jan 2003) | 7 lines
+Changed paths:
+   M /head/crypto/openssh/sshd.c
+
+Force early initialization of the resolver library, since the resolver
+configuration files will no longer be available once sshd is chrooted.
+
+PR:             39953, 40894
+Submitted by:   dinoex
+
 --- sshd.c.orig	2010-04-15 23:56:22.000000000 -0600
 +++ sshd.c	2010-09-14 16:14:13.000000000 -0600
 @@ -83,6 +83,13 @@

Modified: head/security/openssh-portable/files/patch-sshd_config
==============================================================================
--- head/security/openssh-portable/files/patch-sshd_config	Tue Apr 16 23:29:04 2013	(r315919)
+++ head/security/openssh-portable/files/patch-sshd_config	Wed Apr 17 00:35:31 2013	(r315920)
@@ -1,3 +1,10 @@
+r99051 | des | 2002-06-29 05:55:18 -0500 (Sat, 29 Jun 2002) | 4 lines
+Changed paths:
+   M /head/crypto/openssh/ssh_config
+   M /head/crypto/openssh/sshd_config
+
+Document FreeBSD defaults.
+
 --- sshd_config.orig	2009-10-11 04:51:09.000000000 -0600
 +++ sshd_config	2010-09-14 16:14:13.000000000 -0600
 @@ -36,7 +36,7 @@

Modified: head/security/openssh-portable/files/patch-sshd_config.5
==============================================================================
--- head/security/openssh-portable/files/patch-sshd_config.5	Tue Apr 16 23:29:04 2013	(r315919)
+++ head/security/openssh-portable/files/patch-sshd_config.5	Wed Apr 17 00:35:31 2013	(r315920)
@@ -1,3 +1,5 @@
+Document defaults
+
 --- sshd_config.5.orig	2010-07-01 21:37:17.000000000 -0600
 +++ sshd_config.5	2010-08-31 05:27:27.000000000 -0600
 @@ -223,7 +223,9 @@

Modified: head/security/openssh-portable/pkg-descr
==============================================================================
--- head/security/openssh-portable/pkg-descr	Tue Apr 16 23:29:04 2013	(r315919)
+++ head/security/openssh-portable/pkg-descr	Wed Apr 17 00:35:31 2013	(r315920)
@@ -12,4 +12,4 @@ are not synchronized. Portable releases 
 The official OpenBSD source will never use the 'p' suffix, but will instead
 increment the version number when they hit 'stable spots' in their development. 
 
-WWW:	http://www.openssh.org/portable.html
+WWW: http://www.openssh.org/portable.html

Modified: head/security/openssh-portable/pkg-plist
==============================================================================
--- head/security/openssh-portable/pkg-plist	Tue Apr 16 23:29:04 2013	(r315919)
+++ head/security/openssh-portable/pkg-plist	Wed Apr 17 00:35:31 2013	(r315920)
@@ -24,7 +24,3 @@ sbin/sshd
 libexec/sftp-server
 libexec/ssh-keysign
 libexec/ssh-pkcs11-helper
-@exec if [ ! -d %%EMPTYDIR%% ]; then mkdir -p %%EMPTYDIR%% ; fi
-%%ERASEEMPTY%%@dirrm empty
-@exec if ! pw groupshow sshd 2>/dev/null; then pw groupadd sshd -g 22; fi
-@exec if ! pw usershow sshd 2>/dev/null; then pw useradd sshd -g sshd -u 22 -h - -d %%EMPTYDIR%% -s /nonexistent -c "sshd privilege separation"; fi
_______________________________________________
svn-ports-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-ports-all
To unsubscribe, send any mail to "svn-ports-all-unsubscribe@freebsd.org"

Comment 4 Bryan Drewery 2013-04-17 01:36:14 UTC

State Changed
From-To: analyzed->closed

SCTP support added in r315920. Update to newer version still pending. 
Thanks!